Security Vulnerabilities - CVEs Published In March 2018
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-03-21
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-03-21
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-03-21
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary Lua code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2018-03-21
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
CVSS Score: 8.1
EPSS Score: 0.009
Published: 2018-03-21
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2018-03-21
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1.
CVSS Score: 3.1
EPSS Score: 0.002
Published: 2018-03-21
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2018-03-21
Addresses denial of service attack to eDirectory versions prior to 9.1.
CVSS Score: 3.1
EPSS Score: 0.003
Published: 2018-03-21
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2018-03-21